Max Vozeler discovered several format string
vulnerabilities in the movemail utility of Emacs. They can
be exploited when connecting to a malicious POP server and
can allow an attacker can execute arbitrary code under the
privileges of the user running Emacs.

Max Vozeler discovered several format string
vulnerabilities in the movemail utility of Emacs. They can
be exploited when connecting to a malicious POP server and
can allow an attacker can execute arbitrary code under the
privileges of the user running Emacs.

Paul Ling has found a security flaw in the file-local
variables code in GNU Emacs.

When the Emacs user option `enable-local-variables' is
set to `:safe' (the default value is t), Emacs should
automatically refuse to evaluate `eval' forms in file-local
variable sections. Due to the bug, Emacs instead
automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe',
visiting a malicious file can cause automatic execution of
arbitrary Emacs Lisp code with the permissions of the
user.

Paul Ling has found a security flaw in the file-local
variables code in GNU Emacs.

When the Emacs user option `enable-local-variables' is
set to `:safe' (the default value is t), Emacs should
automatically refuse to evaluate `eval' forms in file-local
variable sections. Due to the bug, Emacs instead
automatically evaluates such `eval' forms. Thus, if the user
changes the value of `enable-local-variables' to `:safe',
visiting a malicious file can cause automatic execution of
arbitrary Emacs Lisp code with the permissions of the
user.